Network-provided content, such as Internet web pages or media content such as video, pictures, music, and the like, are typically served to end users via networked computer systems. End user requests for the network content are processed and the content is responsively provided over various network links. These networked computer systems can include origin hosting servers which originally host network content of content creators or originators, such as web servers for hosting a news website. However, these computer systems of individual content creators can become overloaded and slow due to frequent requests of content by end users.
Content delivery systems have been developed which add a layer of caching between the origin servers of the content providers and the end users. The content delivery systems typically have one or more content delivery nodes distributed across a large geographic region to provide faster and lower latency access to the content for the end users. When end users request content, such as a web page, which is handled through a content delivery node, the content delivery node is configured to respond to the end user requests instead of the origin servers. In this manner, a content delivery node can act as a proxy for the origin servers.
Content of the origin servers can be cached into the content delivery nodes, and can be requested via the content delivery nodes from the origin servers of the content originators when the content has not yet been cached. Content delivery nodes usually cache only a portion of the original source content rather than caching all content or data associated with an original content source. The content delivery nodes can thus maintain only recently accessed and most popular content as cached from the original content sources. Thus, content delivery nodes exchange data with the original content sources when new or un-cached information is requested by the end users or if something has changed in the original content source data.
In some instances, an end user device may be configured to “attack” server equipment by repeatedly and frequently requesting content from a content provider, or cause the server equipment to process many content-related tasks at once, among other operations. For example, during a network bot attack, a denial of service (DoS) attack, or a distributed denial of service (DDoS) attack, one or more end user devices can request network content at a frequent pace so as to overload or crash network equipment. In cases where an origin server alone serves the network content, the origin server can quickly become overloaded by the frequent content requests and crash.